Page 1
SAMPLE DOCUMENT
86
Job Descriptions
The sample job descriptions included in this Supplement to the Guidelines for Academic
Medical Centers on Security and Privacy are not meant to be used as a replacement for
good organizational practices and documentation. Organizations are encouraged to
work with legal counsel and human resource staff to determine the appropriate format and
content for their particular circumstances. This supplement is meant to serve as a starting
point for organizations developing or updating security and privacy officer roles.

Information Security Officer
Organizational Relationships:
The position reports to an administrator within the
Department of Facilities and Systems Support Services.
Position Overview:
Implements and supports information security initiatives throughout
ORGANIZATION. Acts as a focus and resource for ORGANIZATION information
security matters. Works with those in corresponding roles at the ORGANIZATION
group practices and at ORGANIZATION Health System sites. Takes direction from the
Information Security Subcommittee and Department of Facilities and Systems Support
Services Administration. Investigates and recommends secure solutions that implement
information security policy and standards. Coordinates Office of Information Security
activities and manages staff. Oversees, implements and monitors the National Industrial
Security Program and special security requirements levied by the Department of Defense
and intelligence community agencies.
Education/Experience/Job Specifications:
A four-year college degree is required. A
Certified Information Systems Security Professional rating is desired. At least ten years
of information security work experience is required with both public and private sector
experience preferred. The ability to work effectively in a collegiate, consensus driven
organization is required, as are demonstrated personnel and information security program
management skills. A working knowledge of all aspects of information security is
essential, as is the ability to apply this knowledge in an open network environment.

1. Job Specific Competency:
Provides ORGANIZATION information security oversight.
Performance Expectations/Accountabilities (rating columns: AE / NI / NA)
a) Maintains current and appropriate body of knowledge necessary to
perform the information security management function.
b) Effectively applies information security management knowledge to
enhance the security of the open network and associated systems and
services.
c) Maintains working knowledge of external legislative and regulatory
initiatives. Interprets and translates requirements for implementation.
d) Develops appropriate information security policies, standards,
guidelines and procedures.
e) Works effectively with other ORGANIZATION information security
personnel and the committee process.
f) Provides meaningful input, prepares effective presentations and
communicates information security objectives.
g) Participates in short and long term planning.
h) Monitors Information Security Program compliance and effectiveness.

2. Job Specific Competency:
Provides ORGANIZATION information security oversight.
Performance Expectations/Accountabilities (rating columns: AE / NI / NA)
a) Works with committees and management professionals to accomplish
information security goals.
b) Coordinates and prioritizes activities of the Office of Information
Security in support of the mission.
c) Acts as a resource for matters of information security. Provides
pertinent and useful information.
d) Oversees and conducts information security reviews and liaison visits to
ORGANIZATION Health System practices. Makes recommendations
and reports to Regional Practice Administration.
e) Coordinates and performs reviews of contracts, projects and proposals.
Assists information technology proponents with standards compliance.
f) Conducts investigations of information security violations and computer
crimes. Works effectively with management and external law
enforcement to resolve these instances.
g) Reviews instances of noncompliance and works effectively and tactfully
to correct deficiencies.

3. Job Specific Competency:
Manages Office of Information Security personnel.
Performance Expectations/Accountabilities (rating columns: AE / NI / NA)
a) Determines positions and personnel necessary to accomplish
information security goals. Requests positions, screens personnel and
takes the lead in the interviewing and hiring process.
b) Develops meaningful job descriptions. Communicates expectations and
actively coaches personnel for success.
c) Prioritizes and assigns tasks. Reviews work performed. Challenges
staff to better themselves and advance the level of service provided.
d) Provides meaningful feedback to staff on an ongoing basis and formally
appraises performance annually.

Chief Security Officer (CSO) (Sample #1)
Organizational Relationships:
The position reports to [administrator, CIO, vice
president, etc.]
Position Overview:
Implements and supports information security initiatives throughout
the organization. Acts as a focus and resource for information security matters. Works
with those in corresponding roles at other organizational entities. Takes direction from
the oversight committee and organization administration. Investigates and recommends
secure solutions that implement information security policy and standards. Coordinates
Office of Information Security activities and manages staff. Oversees, implements and
monitors any special security requirements levied by government agencies in the
performance of funded research, clinical trials and other activities.
Education/Experience/Job Specifications:
A four-year college degree is required. A
Certified Information Systems Security Professional rating is desired. At least ten years
of information security work experience is required with both public and private sector
experience preferred. The ability to work effectively in a collegiate, consensus driven
organization is required, as are demonstrated personnel and information security program
management skills. A working knowledge of all aspects of information security is
essential, as is the ability to apply this knowledge in an open network environment.

1. Job Specific Competency:
Provides information security oversight for greater Academic Medical
Center.
Performance Expectations/Accountabilities (rating columns: AE / NI / NA)
i) Maintains current and appropriate body of knowledge necessary to
perform the information security management function.
j) Effectively applies information security management knowledge to
enhance the security of the open network and associated systems and
services.
k) Maintains working knowledge of external legislative and regulatory
initiatives. Interprets and translates requirements for implementation.
l) Develops appropriate information security policies, standards,
guidelines and procedures.
m) Works effectively with other entity information security personnel and
the committee process.
n) Provides meaningful input, prepares effective presentations and
communicates information security objectives.
o) Participates in short and long term planning.
p) Monitors Information Security Program compliance and effectiveness.

2. Job Specific Competency:
Provides information security oversight for local entities [if so structured].
Performance Expectations/Accountabilities (rating columns: AE / NI / NA)
h) Works with committees and management professionals to accomplish
information security goals.
i) Coordinates and prioritizes activities of the Office of Information
Security in support of the mission.
j) Acts as a resource for matters of information security. Provides
pertinent and useful information.
k) Oversees and conducts information security reviews and liaison visits to
regional practices. Makes recommendations and reports to Regional
Practice Administration.
l) Coordinates and performs reviews of contracts, projects and proposals.
Assists information technology proponents with standards compliance.
m) Conducts investigations of information security violations and computer
crimes. Works effectively with management and external law
enforcement to resolve these instances.
n) Reviews instances of noncompliance and works effectively and tactfully
to correct deficiencies.

3. Job Specific Competency:
Manages Office of Information Security personnel.
Performance Expectations/Accountabilities (rating columns: AE / NI / NA)
e) Determines positions and personnel necessary to accomplish
information security goals. Requests positions, screens personnel and
takes the lead in the interviewing and hiring process.
f) Develops meaningful job descriptions. Communicates expectations and
actively coaches personnel for success.
g) Prioritizes and assigns tasks. Reviews work performed. Challenges
staff to better themselves and advance the level of service provided.
h) Provides meaningful feedback to staff on an ongoing basis and formally
appraises performance annually.

Chief Information Security Officer (CSO) (Sample #2)
This position is a senior level manager responsible for championing institutional security
awareness, security policy and procedure development, and working to ensure
compliance with internal and external standards related to information security. The CSO
would report to the ORGANIZATION Deputy Corporate Compliance Officer.
Duties and Responsibilities
* Chair the ORGANIZATION Information Security and Privacy Committee (ISPC) in
its policy development effort to maintain the security and integrity of
ORGANIZATION information assets in compliance with state and federal laws, and
accreditation standards.
* Provide project management and operational responsibility for the administration,
coordination and implementation of information security policies and procedures
across the Health System including the Hospitals and Health Centers, Medical
School.
* Perform periodic information security risk assessments including disaster recovery
and contingency planning, and coordinate internal audits to ensure that appropriate
access to ORGANIZATION information assets is maintained.
* Serve as a central repository for information security-related issues and performance
indicators. Develop, implement, and administer a coordinated process for response to
such issues.
* Function when necessary as an approval authority for platform and/or application
security and coordinate efforts to educate the ORGANIZATION community in good
information security practices.
* Maintain a broad understanding of federal and state laws relating to information
security and privacy, security policies, industry best practices, exposures, and their
application to the ORGANIZATION information technology environment.
* Make recommendations for short and long-range security planning in response to
future systems, new technology, and new organizational challenges.
* Act as an advocate for security and privacy on internal and external committees as
necessary.
* Develop, maintain and administer the security budget required to fulfill
ORGANIZATION information security expectations.
Minimum Qualifications
* Bachelor's degree in Computer Science or related field or equivalent experience.
* Five or more years of experience in information security.
* Eight or more years of experience in information technology.
* In-depth understanding of network and system security technology and practices
across all major computing areas (mainframe, client/server, PC/LAN, telephony) with
a special emphasis on Internet related technology.

* Demonstrated effectiveness with consensus building, policy development and verbal
and written communication skills.
* Clear ability to explain information technology concepts to audiences outside the
field.
Preferred Qualifications
* Specific experiences in the health care industry.
* Extensive familiarity with health care relevant legislation and standards for the
protection of health information and patient privacy.
* Demonstrated successful project management expertise.
* Professional certification, e.g. CISSP, CISA.
* Experience with student record/higher education laws.

Healthcare Computing Strategies, Inc. ©
(Ver. 1.1) Reprint with permission
Corporate Privacy Officer - Job Description
This position description is intended to describe the general requirements for this position. It is not
meant to be an exhaustive statement of duties, responsibilities and requirements.
Corporate Privacy Officer
The Corporate Privacy Officer oversees the development and implementation of corporate-wide
privacy principles, policies and practices. The Corporate Privacy Officer is responsible for
coordinating all corporate activities with privacy implications, as well as monitoring all of the
organization's services and systems to assure meaningful privacy practices. The Corporate Privacy
Officer also advocates and protects patient privacy by serving as a key privacy advisor for patients,
handling disputes and managing patient requests regarding their medical record.
Requirements:
* Coordinates corporate privacy activities, which include overseeing the establishment,
implementation and adherence to corporate policies on patient privacy, confidentiality and
release of patient information
* Reviews new or revised government healthcare laws and regulations pertaining to patient
privacy to determine if new policies or modifications of current policies are needed
* Conducts privacy risk assessments and internal privacy audits
* Manages patient privacy disputes and requests for changes to their medical record
* Increases the public's awareness of the organization's efforts to preserve patient privacy
* Oversees the development and delivery of privacy training and awareness
* Works closely with Health Information Management, Information Technology and Marketing
departments
* Ensures that record custodians correctly protect and archive patient information
* Ensures that the organization's privacy protections keep pace with technological advances
* Participates in outside healthcare organizations to keep updated on privacy developments
and "best practices" for patient privacy
* Reports to the organization's executive officers on emerging legislation/regulations and how the
company is currently dealing with privacy issues
General Skills:
* Good verbal and written communication skills
* A high level of integrity and trust
* Knowledge and understanding of technology-related law and public policy, and experience with clinical
research and related issues
Professional Certifications or Experience:
* Registered Health Information Administrator (RHIA)

Healthcare Computing Strategies, Inc. ©
(Ver. 2.0) Reprint with Permission
Information Security Officer - Job Description
This position description is intended to describe the general requirements for this position. It is not meant to
be an exhaustive statement of duties, responsibilities and requirements.
Information Security Officer
The Information Security Officer designs, develops and implements security changes and
enhancements to the Information Technology (IT) computing environments. The Information
Security Officer is responsible for determining appropriate security measures and creating policies
and procedures that monitor and control access to system resources and data. The Information
Security Officer will update security standards as necessary and is responsible for the prevention,
detection, containment and correction of security breaches.
Requirements:
* Oversees the establishment, implementation and adherence to policies and procedures that guide
and support the provision of information security services
* Conducts risk assessments and risk analysis to help the organization develop security standards
and procedures that support strategic, tactical and operational objectives on a cost-effective
basis
* Makes recommendations on appropriate personnel, physical and technical security controls
* Manages the Information Security Incident Reporting program to ensure the prevention,
detection, containment and correction of security breaches
* Participates in resolving problems with security violations
* Responsible for the content (and in some cases the delivery) of information security seminars
and training classes
* Coordinates the communication of information security awareness to all members of the
organization
* Certifies that IT systems meet predetermined security requirements
* Strives to maintain high system availability
* Works with vendors, IT associates, and user departments to enhance information security
General Skills:
* Good verbal and written communication skills
* A high level of integrity and trust
* Knowledge of security hardware and software products that comply with current industry
standards
* Knowledge and understanding of technology-related state and federal regulations
Professional Certifications:
* Certified Information Systems Security Professional (CISSP®)
or
* Certified Information Systems Auditor (CISA®)